Hi Stephen,
sestatus -v
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
Process contexts:
Current context: system_u:system_r:unconfined_t:s0-s0:c0.c1023
Init context: system_u:system_r:init_t:s0
/usr/sbin/sshd system_u:system_r:sshd_t:s0-s0:c0.c1023
File contexts:
Controlling terminal: system_u:object_r:sshd_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0
/bin/sh system_u:object_r:bin_t:s0 -> system_u:object_r:shell_exec_t:s0
/sbin/agetty system_u:object_r:getty_exec_t:s0
/sbin/init system_u:object_r:bin_t:s0 -> system_u:object_r:init_exec_t:s0
/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6 system_u:object_r:lib_t:s0 -> system_u:object_r:lib_t:s0
/lib/ld-linux.so.2 system_u:object_r:lib_t:s0 -> system_u:object_r:ld_so_t:s0
rpm -q libselinux
libselinux-2.5-6.el7.i686
libselinux-2.5-6.el7.x86_64
Please let me know if you want any other details .
Thanks
On Mon, Dec 4, 2017 at 9:30 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
Sorry, I'm wrong; the assert is on avc_running, which implies that theOn Mon, 2017-12-04 at 10:44 -0500, Stephen Smalley wrote:
> On Mon, 2017-12-04 at 15:15 +0530, Aman Sharma wrote:
> > Hi All,
> >
> > I am seeing a number of su core files after a fresh install of Cent
> > OS 7 Machine. In this particular case I have 622 cores files found.
> > The backtrace is given below
> >
> > Reading symbols from /usr/bin/su...Reading symbols from
> > /usr/bin/su...(no debugging symbols found)...done.
> > (no debugging symbols found)...done.
> > [New LWP 15427]
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib64/libthread_db.so.1".
> > Core was generated by `su - informix -c source
> > /usr/local/cm/db/informix/local/ids.env; /usr/local/cm/'.
> > Program terminated with signal 6, Aborted.
> > #0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
> >
> > ====================================
> > backtrace
> > ===================================
> > #0 0x00007f74f109a1d7 in raise () from /lib64/libc.so.6
> > #1 0x00007f74f109b8c8 in abort () from /lib64/libc.so.6
> > #2 0x00007f74f1093146 in __assert_fail_base () from
> > /lib64/libc.so.6
> > #3 0x00007f74f10931f2 in __assert_fail () from /lib64/libc.so.6
> > #4 0x00007f74e9ed46ac in avc_context_to_sid_raw () from
> > /lib64/libselinux.so.1
> > #5 0x00007f74e9ed46e5 in avc_context_to_sid () from
> > /lib64/libselinux.so.1
> > #6 0x00007f74e9ed83ad in selinux_check_access () from
> > /lib64/libselinux.so.1
> > #7 0x00007f74ea0f4d76 in check_for_root () from
> > /lib/security/../../lib64/security/pam_rootok.so
> > #8 0x00007f74f162cf1a in _pam_dispatch () from /lib64/libpam.so.0
> > #9 0x00007f74f162c7e0 in pam_authenticate () from
> > /lib64/libpam.so.0
> > #10 0x00007f74f1a5f857 in su_main ()
> > #11 0x00007f74f1086b35 in __libc_start_main () from
> > /lib64/libc.so.6
> > #12 0x00007f74f1a5e890 in _start ()
> > ====================================
> >
> > From the Back trace logs , looks like crash is related to Selinux.
> > Can Any body Please help me on this. why its getting crash.
>
> Implication is that pam_rootok passed a NULL context to
> selinux_check_access(). Which would be a bug in pam. What does
> sestatus -v show for this machine?
AVC wasn't initialized. sestatus -v would still be useful. Also rpm
-q libselinux.
